Configure & Enable SSH Key Access

To securely use SSH to access Asset Manager with a locally accessible private key, follow this process:

Before You Begin

  • Verify that tools such as PuTTY, WinSCP, PuTTYgen, or a terminal are installed on your workstation.

  • You will need to access a PKI-enabled Command Center via SSH to work in the CLI of a CAC-enabled Asset Manager system.

  • Certificate files you will need for SSH Authorization:

    • Workstation Public Key
    • Workstation Private Key

Obtain RSA Key Pair

Using ssh-keygen

You can generate the key pair using the ssh-keygen command-line tool or an application such as PuTTYgen.

  • On the workstation you will use to access Asset Manager, use the ssh-keygen command to obtain your RSA private and public keys.

Using PuTTYgen

  1. Open PuTTYgen and select Generate KeyPair.
  2. Save the private key in a secure location on your machine.
  3. Copy the string for the public key (starts with ssh-rsa) and save it as a Rich Text file using WordPad. When saving, give the filename a .pub extension; for example, user1-public-key.pub. This is your public key file.

Note: Do not use Notepad as it will contain extra line breaks when converted to UNIX format.  
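
A pre-upload check for the public key file, prompted by the Note above about extra line breaks (added example, not part of the original product documentation). It assumes the file holds one OpenSSH-format ssh-rsa line; the function names and the sample key are constructed for illustration.

```python
import base64
import struct

def _read_field(blob, offset):
    """Read one length-prefixed field: uint32 big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def check_public_key_file(data: bytes):
    """Return (modulus_bits, comment); raise ValueError if the file is malformed."""
    text = data.decode("ascii")  # non-ASCII bytes raise a ValueError subclass
    if "\r" in text:
        raise ValueError("file contains carriage returns (Windows line endings)")
    lines = text.rstrip("\n").split("\n")
    if len(lines) != 1:
        raise ValueError("key must be on a single line, found %d" % len(lines))
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("line does not start with 'ssh-rsa <base64>'")
    blob = base64.b64decode(parts[1], validate=True)  # bad base64 raises ValueError
    key_type, off = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("embedded key type does not match 'ssh-rsa'")
    _exponent, off = _read_field(blob, off)
    modulus, off = _read_field(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    bits = int.from_bytes(modulus, "big").bit_length()
    return bits, parts[2] if len(parts) == 3 else ""

def make_sample_key(bits=2048, comment="user1@workstation"):
    """Build a CONSTRUCTED ssh-rsa line: correct format, not a usable key."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    def mpint(n):
        # The extra leading byte keeps the sign bit clear, as mpint requires.
        return field(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    n = (1 << (bits - 1)) | 1  # placeholder modulus of the requested size
    blob = field(b"ssh-rsa") + mpint(65537) + mpint(n)
    return ("ssh-rsa %s %s\n" % (base64.b64encode(blob).decode(), comment)).encode()
```

Run check_public_key_file on the bytes of the .pub file before uploading it; a ValueError means the file was wrapped, re-encoded or truncated on the way from the key generator.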

Convert RSA Key Pair Files in the Correct Format

No file conversion is needed for SSH access if you generated the key pair with ssh-keygen or PuTTYgen. Other key-pair generation applications may require format conversion.

Installing the SSH RSA Public Key

Using the GUI

    1. Select Settings > Users > Manage PKI
    2. Select a user under User ID.
    3. Select SSH Key under Certificate Type. 
    4. Verify that the Install radio button is selected.
    5. Drag and drop, or browse to, the user's public key file in the “Upload an SSH Key” box and click Submit.

Using CLI

  1. Upload the SSH public key to the Asset Manager system, noting the file name and the Asset Manager directory path where it was saved.
  2. Run the following command on the CLI to install the public key:
    certificate ssh install /pathto/file/"filename" <user name>

Enable PKI

Enable PKI through the GUI if this has not been done already.

  1. Select Settings > Asset Manager Systems > System Information panel > PKI.
  2. Switch the Require user certificate key to enabled. 
  3. You will need to acknowledge and verify the result of requiring a user certificate for non-PKI users. To proceed, click Enable PKI.

Access Command Center using PuTTY

You can now access the Command Center from your workstation. Below is an example of how to do so using PuTTY.

  1. Open PuTTY and in configuration, go to Connection > SSH > Auth and select the private key under Private key file for authentication.  Add the host information and save the session.
  2. PuTTY will use the public-private key pair to authenticate.  It should not prompt you for a password unless a password has been set on the private key.